Description

OpenVPN clients crash when --server-poll-timeout is used with a static key config. It crashes in check_server_poll_timeout_dowork (forward.c:334) which is "if (!tls_initial_packet_received (c->c2.tls_multi))". Valgrind reports the following (on 64-bit Linux custom compiled version of OpenVPN with debugging enabled), but the crash also occurs on Windows and Android versions of OpenVPN):
==9862== Process terminating with default action of signal 11 (SIGSEGV)
==9862== Access not within mapped region at address 0x208
==9862== at 0x412952: check_server_poll_timeout_dowork (forward.c:334)
==9862== by 0x41543E: pre_select (forward-inline.h:130)
==9862== by 0x433C2D: openvpn_main (openvpn.c:80)
==9862== by 0x58BD60C: (below main) (in /lib64/libc-2.15.so)

Change History (7)

I think this is expected behavior. Using static keys implies peer to peer, which is why any features that depend on asymmetrical client-server relationship will not work. I think it makes sense to explicitly mention this on the man-page in the "--secret" section.

The internal machinery wants TLS for this to work, so just add this
to the (long) list of options not allowed unless either --tls-client
or --tls-server is active. For added sanity, add an ASSERT() call
to the place where this combination caused a NULL ptr reference, and
document the restriction.